>debug crypto isa
>debug crypto ipsec
>
>с двух сторон покажите...
Может из-за того что часы на роутере "съехали"
Или нет default router на удаленном комп. из 10.13.1.0/24?
Ведь в одну сторону работает, а обратно ничего не идет :(
PIX
ISAKMP (0): retransmitting phase 1...
crypto_isakmp_process_block:src:195.190.123.218, dest:82.140.75.254 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 21 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:195.190.123.218, dest:82.140.75.254 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): processing vendor id payload
ISAKMP (0): remote peer supports dead peer detection
ISAKMP (0): processing vendor id payload
ISAKMP (0): speaking to another IOS box!
ISAKMP (0): processing vendor id payload
ISAKMP (0): received xauth v6 vendor id
ISAKMP (0): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
ISAKMP (0): Total payload length: 12
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:195.190.123.218, dest:82.140.75.254 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated
ISAKMP (0): beginning Quick Mode exchange, M-ID of -1301902146:b2668cbeIPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0x383b51a8(943411624) for SA
from 195.190.123.218 to 82.140.75.254 for prot 3
return status is IKMP_NO_ERROR
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending NOTIFY message 24578 protocol 1
VPN Peer: ISAKMP: Added new peer: ip:195.190.123.218/500 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:195.190.123.218/500 Ref cnt incremented to:1 Total VPN Peers:1
crypto_isakmp_process_block:src:195.190.123.218, dest:82.140.75.254 spt:500 dpt:500
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 2993065150
ISAKMP : Checking IPSec proposal 1
ISAKMP: transform 1, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: encaps is 1
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 28800
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 195.190.123.218, src= 82.140.75.254,
dest_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
src_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
ISAKMP (0): processing NONCE payload. message ID = 2993065150
ISAKMP (0): processing ID payload. message ID = 2993065150
ISAKMP (0): processing ID payload. message ID = 2993065150
ISAKMP (0): processing NOTIFY payload 24576 protocol 3
spi 3538283488, message ID = 2993065150
ISAKMP (0): processing responder lifetime
ISAKMP (0): responder lifetime of 3600smap_alloc_entry: allocating entry 3
map_alloc_entry: allocating entry 4
ISAKMP (0): Creating IPSec SAs
inbound SA from 195.190.123.218 to 82.140.75.254 (proxy 10.13.1.0 to 10.13.0.0)
has spi 943411624 and conn_id 3 and flags 4
lifetime of 3600 seconds
lifetime of 4608000 kilobytes
outbound SA from 82.140.75.254 to 195.190.123.218 (proxy 10.13.0.0 to 10.13.1.0)
has spi 3538283488 and conn_id 4 and flags 4
lifetime of 3600 seconds
lifetime of 4608000 kilobytesIPSEC(key_engine): got a queue event...
IPSEC(initialize_sas): ,
(key eng. msg.) dest= 82.140.75.254, src= 195.190.123.218,
dest_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4),
src_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x383b51a8(943411624), conn_id= 3, keysize= 0, flags= 0x4
IPSEC(initialize_sas): ,
(key eng. msg.) src= 82.140.75.254, dest= 195.190.123.218,
src_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4),
dest_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xd2e5ebe0(3538283488), conn_id= 4, keysize= 0, flags= 0x4
VPN Peer: IPSEC: Peer ip:195.190.123.218/500 Ref cnt incremented to:2 Total VPN Peers:1
VPN Peer: IPSEC: Peer ip:195.190.123.218/500 Ref cnt incremented to:3 Total VPN Peers:1
============================================================
router
============================================================
*Apr 5 01:07:59.983: IPSEC(add_sa): have new SAs -- expire existing in 30 sec.,
(sa) sa_dest= 82.140.75.254, sa_prot= 50,
sa_spi= 0x383B51A8(943411624),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2001,
(identity) local= 195.190.123.218, remote= 82.140.75.254,
local_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
remote_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4)
*Apr 5 01:07:59.987: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 82.140.75.254, sa_prot= 50,
sa_spi= 0x383B51A8(943411624),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2001
*Apr 5 01:08:00.727: ISAKMP (0:1): peer does not do paranoid keepalives.
*Apr 5 01:08:00.731: ISAKMP (0:1): deleting SA reason "death by tree-walk node" state (R) QM_IDLE (peer 82.140.75.254) input queue 0
*Apr 5 01:08:00.803: ISAKMP: set new node -1870319372 to QM_IDLE
*Apr 5 01:08:00.843: CryptoEngine0: generate hmac context for conn id 1
*Apr 5 01:08:00.859: ISAKMP (0:1): sending packet to 82.140.75.254 my_port 500 peer_port 500 (R) QM_IDLE
*Apr 5 01:08:00.867: ISAKMP (0:1): purging node -1870319372
*Apr 5 01:08:00.871: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Apr 5 01:08:00.871: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Apr 5 01:08:00.879: ISAKMP (0:1): deleting SA reason "" state (R) QM_IDLE (peer 82.140.75.254) input queue 0
*Apr 5 01:08:00.903: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Apr 5 01:08:00.903: ISAKMP (0:1): Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Apr 5 01:08:01.063: ISAKMP: received ke message (3/1)
Apr 5 01:08:01.063: ISAKMP: ignoring request to send delete notify (no (authenticated) ISAKMP sa) src 195.190.123.218 dst 82.140.75.254 for SPI 0xD2E5EBE0
*Apr 5 01:08:04.367: ISAKMP (0:0): received packet from 82.140.75.254 dport 500 sport 500 Global (N) NEW SA
*Apr 5 01:08:04.375: ISAKMP: local port 500, remote port 500
*Apr 5 01:08:04.379: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 2BB0644
*Apr 5 01:08:04.387: ISAKMP (0:2): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Apr 5 01:08:04.387: ISAKMP (0:2): Old State = IKE_READY New State = IKE_R_MM1
*Apr 5 01:08:04.403: ISAKMP (0:2): processing SA payload. message ID = 0
*Apr 5 01:08:04.423: ISAKMP: Looking for a matching key for 82.140.75.254 in default : success
*Apr 5 01:08:04.427: ISAKMP (0:2): found peer pre-shared key matching 82.140.75.254
*Apr 5 01:08:04.431: ISAKMP (0:2) local preshared key found
*Apr 5 01:08:04.443: ISAKMP : Scanning profiles for xauth ...
*Apr 5 01:08:04.447: ISAKMP (0:2): Checking ISAKMP transform 1 against priority 11 policy
*Apr 5 01:08:04.451: ISAKMP: encryption 3DES-CBC
*Apr 5 01:08:04.451: ISAKMP: hash MD5
*Apr 5 01:08:04.451: ISAKMP: default group 2
*Apr 5 01:08:04.451: ISAKMP: auth pre-share
*Apr 5 01:08:04.455: ISAKMP: life type in seconds
*Apr 5 01:08:04.455: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Apr 5 01:08:04.463: ISAKMP (0:2): atts are acceptable. Next payload is 0
*Apr 5 01:08:04.475: CryptoEngine0: generate alg parameter
*Apr 5 01:08:04.995: CRYPTO_ENGINE: Dh phase 1 status: 0
*Apr 5 01:08:04.995: CRYPTO_ENGINE: Dh phase 1 status: 0
*Apr 5 01:08:04.999: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Apr 5 01:08:04.999: ISAKMP (0:2): Old State = IKE_R_MM1 New State = IKE_R_MM1
*Apr 5 01:08:05.015: ISAKMP (0:2): sending packet to 82.140.75.254 my_port 500 peer_port 500 (R) MM_SA_SETUP
*Apr 5 01:08:05.015: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Apr 5 01:08:05.019: ISAKMP (0:2): Old State = IKE_R_MM1 New State = IKE_R_MM2
*Apr 5 01:08:05.379: ISAKMP (0:2): received packet from 82.140.75.254 dport 500 sport 500 Global (R) MM_SA_SETUP
*Apr 5 01:08:05.383: ISAKMP (0:2): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Apr 5 01:08:05.383: ISAKMP (0:2): Old State = IKE_R_MM2 New State = IKE_R_MM3
*Apr 5 01:08:05.387: ISAKMP (0:2): processing KE payload. message ID = 0
*Apr 5 01:08:05.387: CryptoEngine0: generate alg parameter
*Apr 5 01:08:06.003: ISAKMP (0:2): processing NONCE payload. message ID = 0
*Apr 5 01:08:06.011: ISAKMP: Looking for a matching key for 82.140.75.254 in default : success
*Apr 5 01:08:06.011: ISAKMP (0:2): found peer pre-shared key matching 82.140.75.254
*Apr 5 01:08:06.015: CryptoEngine0: create ISAKMP SKEYID for conn id 2
*Apr 5 01:08:06.019: ISAKMP (0:2): SKEYID state generated
*Apr 5 01:08:06.023: ISAKMP (0:2): processing vendor id payload
*Apr 5 01:08:06.023: ISAKMP (0:2): vendor ID seems Unity/DPD but major 215 mismatch
*Apr 5 01:08:06.027: ISAKMP (0:2): vendor ID is XAUTH
*Apr 5 01:08:06.031: ISAKMP (0:2): processing vendor id payload
*Apr 5 01:08:06.031: ISAKMP (0:2): vendor ID is DPD
*Apr 5 01:08:06.035: ISAKMP (0:2): processing vendor id payload
*Apr 5 01:08:06.035: ISAKMP (0:2): vendor ID is Unity
*Apr 5 01:08:06.035: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Apr 5 01:08:06.039: ISAKMP (0:2): Old State = IKE_R_MM3 New State = IKE_R_MM3
*Apr 5 01:08:06.051: ISAKMP (0:2): sending packet to 82.140.75.254 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Apr 5 01:08:06.055: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Apr 5 01:08:06.055: ISAKMP (0:2): Old State = IKE_R_MM3 New State = IKE_R_MM4
*Apr 5 01:08:06.431: ISAKMP (0:2): received packet from 82.140.75.254 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Apr 5 01:08:06.435: ISAKMP (0:2): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Apr 5 01:08:06.435: ISAKMP (0:2): Old State = IKE_R_MM4 New State = IKE_R_MM5
*Apr 5 01:08:06.439: ISAKMP (0:2): processing ID payload. message ID = 0
*Apr 5 01:08:06.443: ISAKMP (0:2): ID payload
next-payload : 8
type : 1
address : 82.140.75.254
protocol : 17
port : 500
length : 12
*Apr 5 01:08:06.443: ISAKMP (0:2): peer matches *none* of the profiles
*Apr 5 01:08:06.447: ISAKMP (0:2): processing HASH payload. message ID = 0
*Apr 5 01:08:06.451: CryptoEngine0: generate hmac context for conn id 2
*Apr 5 01:08:06.459: ISAKMP (0:2): SA authentication status:
authenticated
*Apr 5 01:08:06.459: ISAKMP (0:2): SA has been authenticated with 82.140.75.254
*Apr 5 01:08:06.459: ISAKMP (0:2): peer matches *none* of the profiles
*Apr 5 01:08:06.463: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Apr 5 01:08:06.463: ISAKMP (0:2): Old State = IKE_R_MM5 New State = IKE_R_MM5
*Apr 5 01:08:06.467: ISAKMP (0:2): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Apr 5 01:08:06.467: ISAKMP (0:2): ID payload
next-payload : 8
type : 1
address : 195.190.123.218
protocol : 17
port : 500
length : 12
*Apr 5 01:08:06.471: ISAKMP (2): Total payload length: 12
*Apr 5 01:08:06.471: CryptoEngine0: generate hmac context for conn id 2
*Apr 5 01:08:06.479: CryptoEngine0: clear dh number for conn id 1
*Apr 5 01:08:06.483: ISAKMP (0:2): sending packet to 82.140.75.254 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Apr 5 01:08:06.483: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Apr 5 01:08:06.487: ISAKMP (0:2): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
*Apr 5 01:08:06.491: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Apr 5 01:08:06.491: ISAKMP (0:2): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Apr 5 01:08:06.631: ISAKMP (0:2): received packet from 82.140.75.254 dport 500 sport 500 Global (R) QM_IDLE
*Apr 5 01:08:06.631: ISAKMP: set new node -1729790444 to QM_IDLE
*Apr 5 01:08:06.635: CryptoEngine0: generate hmac context for conn id 2
*Apr 5 01:08:06.639: ISAKMP (0:2): processing HASH payload. message ID = -1729790444
*Apr 5 01:08:06.639: ISAKMP (0:2): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = -1729790444, sa = 2BB0644
*Apr 5 01:08:06.643: ISAKMP (0:2): SA authentication status:
authenticated
*Apr 5 01:08:06.643: ISAKMP (0:2): Process initial contact,
bring down existing phase 1 and 2 SA's with local 195.190.123.218 remote 82.140.75.254 remote port 500
*Apr 5 01:08:06.647: IPSEC(key_engine): got a queue event...
*Apr 5 01:08:06.655: ISAKMP (0:2): deleting node -1729790444 error FALSE reason "informational (in) state 1"
*Apr 5 01:08:06.655: ISAKMP (0:2): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Apr 5 01:08:06.655: ISAKMP (0:2): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Apr 5 01:08:06.663: ISAKMP (0:2): received packet from 82.140.75.254 dport 500 sport 500 Global (R) QM_IDLE
*Apr 5 01:08:06.663: ISAKMP: set new node 499481984 to QM_IDLE
*Apr 5 01:08:06.671: CryptoEngine0: generate hmac context for conn id 2
*Apr 5 01:08:06.671: ISAKMP (0:2): processing HASH payload. message ID = 499481984
*Apr 5 01:08:06.675: ISAKMP (0:2): processing SA payload. message ID = 499481984
*Apr 5 01:08:06.675: ISAKMP (0:2): Checking IPSec proposal 1
*Apr 5 01:08:06.675: ISAKMP: transform 1, ESP_3DES
*Apr 5 01:08:06.675: ISAKMP: attributes in transform:
*Apr 5 01:08:06.675: ISAKMP: encaps is 1 (Tunnel)
*Apr 5 01:08:06.679: ISAKMP: SA life type in seconds
*Apr 5 01:08:06.679: ISAKMP: SA life duration (basic) of 28800
*Apr 5 01:08:06.679: ISAKMP: SA life type in kilobytes
*Apr 5 01:08:06.679: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Apr 5 01:08:06.683: ISAKMP: authenticator is HMAC-MD5
*Apr 5 01:08:06.683: CryptoEngine0: validate proposal
*Apr 5 01:08:06.687: ISAKMP (0:2): atts are acceptable.
*Apr 5 01:08:06.687: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 195.190.123.218, remote= 82.140.75.254,
local_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
remote_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Apr 5 01:08:06.695: CryptoEngine0: validate proposal request
*Apr 5 01:08:06.699: IPSEC(kei_proxy): head = nolan, map->ivrf = , kei->ivrf =
*Apr 5 01:08:06.707: ISAKMP (0:2): processing NONCE payload. message ID = 499481984
*Apr 5 01:08:06.707: ISAKMP (0:2): processing ID payload. message ID = 499481984
*Apr 5 01:08:06.711: ISAKMP (0:2): processing ID payload. message ID = 499481984
*Apr 5 01:08:06.711: ISAKMP (0:2): asking for 1 spis from ipsec
*Apr 5 01:08:06.711: ISAKMP (0:2): Node 499481984, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Apr 5 01:08:06.715: ISAKMP (0:2): Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
*Apr 5 01:08:06.715: IPSEC(key_engine): got a queue event...
*Apr 5 01:08:06.723: IPSEC(spi_response): getting spi 4022030768 for SA
from 195.190.123.218 to 82.140.75.254 for prot 3
*Apr 5 01:08:06.723: ISAKMP: received ke message (2/1)
*Apr 5 01:08:06.967: CryptoEngine0: generate hmac context for conn id 2
*Apr 5 01:08:06.967: CryptoEngine0: ipsec allocate flow
*Apr 5 01:08:06.971: CryptoEngine0: ipsec allocate flow
*Apr 5 01:08:06.983: ISAKMP (0:2): Creating IPSec SAs
*Apr 5 01:08:06.983: inbound SA from 82.140.75.254 to 195.190.123.218 (f/i) 0/ 0
(proxy 10.13.0.0 to 10.13.1.0)
*Apr 5 01:08:06.987: has spi 0xEFBB51B0 and conn_id 2000 and flags 2
*Apr 5 01:08:06.987: lifetime of 28800 seconds
*Apr 5 01:08:06.987: lifetime of 4608000 kilobytes
*Apr 5 01:08:06.987: has client flags 0x0
*Apr 5 01:08:06.991: outbound SA from 195.190.123.218 to 82.140.75.254 (f/i) 0/ 0 (proxy 10.13.1.0 to 10.13.0.0 )
*Apr 5 01:08:06.991: has spi 415323685 and conn_id 2001 and flags A
*Apr 5 01:08:06.991: lifetime of 28800 seconds
*Apr 5 01:08:06.995: lifetime of 4608000 kilobytes
*Apr 5 01:08:06.995: has client flags 0x0
*Apr 5 01:08:06.999: ISAKMP (0:2): sending packet to 82.140.75.254 my_port 500 peer_port 500 (R) QM_IDLE
*Apr 5 01:08:07.003: ISAKMP (0:2): Node 499481984, Input = IKE_MESG_FROM_IPSEC, IKE_SPI_REPLY
*Apr 5 01:08:07.003: ISAKMP (0:2): Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2
*Apr 5 01:08:07.007: IPSEC(key_engine): got a queue event...
*Apr 5 01:08:07.007: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 195.190.123.218, remote= 82.140.75.254,
local_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
remote_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 28800s and 4608000kb,
spi= 0xEFBB51B0(4022030768), conn_id= 2000, keysize= 0, flags= 0x2
*Apr 5 01:08:07.011: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 195.190.123.218, remote= 82.140.75.254,
local_proxy= 10.13.1.0/255.255.255.0/0/0 (type=4),
remote_proxy= 10.13.0.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 28800s and 4608000kb,
spi= 0x18C15625(415323685), conn_id= 2001, keysize= 0, flags= 0xA
*Apr 5 01:08:07.019: IPSEC(kei_proxy): head = nolan, map->ivrf = , kei->ivrf =
*Apr 5 01:08:07.027: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 82.140.75.254
*Apr 5 01:08:07.027: IPSEC(add mtree): src 10.13.1.0, dest 10.13.0.0, dest_port 0
*Apr 5 01:08:07.031: IPSEC(create_sa): sa created,
(sa) sa_dest= 195.190.123.218, sa_prot= 50,
sa_spi= 0xEFBB51B0(4022030768),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2000
*Apr 5 01:08:07.031: IPSEC(create_sa): sa created,
(sa) sa_dest= 82.140.75.254, sa_prot= 50,
sa_spi= 0x18C15625(415323685),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2001
*Apr 5 01:08:07.223: ISAKMP (0:2): received packet from 82.140.75.254 dport 500 sport 500 Global (R) QM_IDLE
*Apr 5 01:08:07.227: CryptoEngine0: generate hmac context for conn id 2
*Apr 5 01:08:07.227: ISAKMP (0:2): deleting node 499481984 error FALSE reason "quick mode done (await)"
*Apr 5 01:08:07.231: ISAKMP (0:2): Node 499481984, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Apr 5 01:08:07.231: ISAKMP (0:2): Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
*Apr 5 01:08:07.235: IPSEC(key_engine): got a queue event...
*Apr 5 01:08:07.235: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
*Apr 5 01:08:07.235: IPSEC(key_engine_enable_outbound): enable SA with spi 415323685/50 for 82.140.75.254
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(ok) on
20-Июн-05, 13:06 (MSK)
